If you want to be as safe as possible here is what I suggest :
The password has to be sent through an https connection of course.
On server-side when you receive the password, hash it again in sha256 (or another algorithm, it doesn't matter, but sha256 is safe and relatively fast to compute) and compare it with a local file containing the password hashed 2 times
To recap :
Moreover if you're being paranoiac, you can salt your password to prevent any bruteforce using rainbow tables